Cisco is a perennial leader in developing state-of-the-art firewalls for the broadest possible variety of environments. Cisco's Firepower NGFWs Firewalls represent an advanced cybersecurity solution that marshals sophisticated hardware, cloud-based services, and machine learning to anticipate, discover, and mitigate cyber attacks without manual intervention. Progent's Cisco-certified CCIE-certified firewall experts can assist you to plan and execute an efficient upgrade to Cisco Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and show you how to enhance Firepower appliances with Cisco's subscription-based security services to build and centrally manage IT ecosystems that span branch offices, data centers, and cloud resources. Progent can also help you to maintain and debug legacy Cisco firewalls. Progent's certified cybersecurity experts can help you with policy creation and tuning based on leading best practices so you can establish a consistent and effective cybersecurity posture that applies to all your devices at any location.
Cisco's Firepower NGFW Firewalls
Cisco's Firepower Next Generation Firewalls deliver a significant performance improvement compared to Cisco's previous-generation ASA 5500-X security appliances and include unified control of modern cybersecurity capabilities such as application visibility, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection, DDoS mitigation, and sandboxing. For details about Cisco's Firepower line of Next Generation Firewalls, see Firepower Series firewalls integration expertise.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco's ASA 5500-X Series, ASA 5500, and PIX 500 firewalls provide combined firewall, VPN, and intrusion prevention system (IPS) capabilities in single-box packages, delivering a wide array of features to match the security requirements of companies from small and mid-size businesses to enterprises and ISPs. Cisco's ASA 5500-X Series, ASA 5500, and PIX firewalls allow network security staffs to defend their network perimeter and provide safe offsite and mobile connectivity while utilizing advanced management tools built on Cisco's industry-leading firewall products.
Cisco's ASA 5500 Series and PIX 500 firewall appliances have arrived at end-of-life status but are still commonly deployed in small and mid-size organizations and in a few larger networks. Cisco's ASA 5500-X Next-Generation Firewalls represent substantially more bang for the buck and have supplanted Cisco's ASA 5500 and PIX families of firewalls for new installations. Still, Cisco's legacy firewalls, if properly managed, can offer a high level of protection by providing multiple features including firewall, VPN, and IPS.
After Cisco's acquisition of Sourcefire, the entire line of ASA 5500-X firewalls can be configured to enable Firepower Services, built on Sourcefire's Snort technology, which is the world's most deployed network intrusion protection system (IPS). Firepower services provide enhanced capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco CCIE-premier network consultants can help you to support and debug legacy ASA 5500 and PIX firewalls and can also help you to plan and implement an efficient migration to Cisco's ASA 5500-X firewalls with Firepower Services. Progent can also help you to plan, integrate, tune, administer and debug new firewall solutions based on Cisco's latest ASA 5500-X firewalls with Firepower Services. Progent can also help your organization to migrate from your Cisco ASA 5500-X deployment to Cisco's Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X firewalls features an improved replacement for each rack-mountable model in the previous ASA 5500 series of firewalls. Each ASA 5500-X model is suited for the identical environment as the corresponding earlier models, which gives small and midsize businesses plenty of room for selecting a solution that aligns with their security requirements and budgets. All ASA 5500-X firewalls are based on Cisco's tested stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and are capable of running Cisco's advanced protection services. All devices in Cisco's ASA 5500-X product line provide dependable protection across any mix of physical, virtual, and cloud environments.
For more information about ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for Cisco ASA security appliances, see Firepower integration and debugging consulting
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls accept either software or physical modules that enable Cisco's Firepower Services, which offer layered protection against advanced attacks. Firepower Services are powered by innovative technology adopted by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA 5500-X firewalls include:
- Multi-layer protection against both familiar and new attacks
- Advanced Malware Protection (AMP) that utilizes big data techniques to find and mitigate security breaches
- A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at users, network infrastructure, apps, and content to discover threats that use simultaneous approaches
- Fine-grained Application Visibility and Control (AVC that is aware of thousands of applications and can automatically activate both standard and customized IPS policies depending on the severity of threats
Firepower Services for Cisco ASA 5500-X firewalls provide multi-layered security
Simpler implementations of Cisco ASA firewalls can be effectively administered using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool which is provided with all ASA 5500-X versions. ASDM includes a simple web dashboard for configuring, administering, and troubleshooting ASA 5500-X firewalls and service modules.
For more complex deployments, ASA 5500-X appliances with Firepower Services can be managed using Cisco's Firepower Management Center, implemented as one or several physical units or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection. Due to frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names including Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Firepower Management Center unifies event and policy control for Firepower firewall appliances
Cisco's Firepower Management Center provides capabilities unavailable with Cisco's on-device Adaptive Security Device Manager utility. Extra features include expanded context awareness, Cisco's Advanced Malware Protection with remediation for client devices, a dashboard that provides real-time infrastructure visualization, automated policy tuning based on risk evaluation of attacks, advanced IPS, custom application discovery for Application Visibility and Control, customized health notifications, improved reporting features, and APIs for host input and database access. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be managed via the on-device ASDM or the ASA CLI.
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) Firewalls leverage engineering behind Cisco's PIX 500 Series Security Appliance, the IPS 4200 Series Intrusion Prevention System, and Cisco's VPN 3000 Series concentrator. These solutions enable the Cisco Adaptive Security Appliances 5500 Series Firewall product line to offer a platform that defends against the widest variety of threats. Cisco Adaptive Security Appliances (ASA) Firewalls deliver program security, local containment, and safe Virtual Private Network functionality throughout Cisco's product line. This broad scope of protection enables defense of any network segment, which includes the most typical attack conduits like remote sites, locally-connected inside users, and off-site connected VPNs.
The scalable architecture of the Cisco ASA 5500 family allows you to add features by installing security service modules (SSMs) and cards. These user-installable options give you the option of adding Intrusion Protection and content protection services like blocking virus, worms, and phishing assaults and performing file and web filtering. Beside enabling you to react quickly to the latest threat vectors, the extensible design of the Cisco ASA 5500 Series also leverages your hardware investment by prolonging the life of your security appliances. The Cisco ASA 5500 family also protects your investment in administrative team training by supporting the familiar library of PIX 500 security management tools and protocols such as the Cisco ASDM system, protected command-line interface (CLI) access, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances 5500 Series firewalls deliver a high-level of application security via intelligent, application-sensitive inspection processes that analyze network flows at Layers 4-7. This results in a more secure network including Web, voice, and mobile wireless access. To defend against application-layer attacks and to offer better control over the programs and protocols utilized in their networks, these inspection engines incorporate extensive application and protocol knowledge and rely on protection enforcement solutions such as protocol anomaly sensing and application and protocol state monitoring. Also incorporated are attack detection and mitigation techniques including application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver control over instant messaging and peer-to-peer file sharing, enabling businesses to enforce usage policies and conserve bandwidth for critical business applications.
For more details about Progent's consulting services for ASA 5500 security appliances, go to Cisco ASA 5500 series firewalls integration and troubleshooting support.
PIX Security Appliance Series
Built upon a tested, specialized software platform that delivers a wealth of protection services, PIX security appliances provide a high level of security and have received EAL 4 status and ICSA Labs Firewall and IP Security qualification. PIX firewall appliances provide protection for a wide range of Voice over IP and additional mixed-media standards such as H.323 v. 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol, helping organizations to protect deployments of a wide array of current and upcoming VoIP and mixed-media applications.
PIX firewall appliances feature a variety of setup, monitoring, and analysis options, giving businesses the versatility to utilize the methods that most closely meet their needs. Management options include common, policy-based administration utilities, integrated web-accessible administration, and compatibility with remote-monitoring standards such as SNMP and syslog. The integrated ASDM interface provides a world-class Web-based control platform that greatly simplifies the installation, ongoing configuration, and tracking of a specific Cisco PIX firewall appliance without requiring any extra utility beyond a standard browser and Java plug-in to be installed on a manager's computer.
Administrators can furthermore remotely set up, track, and analyze PIX security appliances via a command-line interface (CLI). Safe command-line interface (CLI) communication is possible using several techniques such as Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. Cisco PIX security appliances also have robust automatic-update capabilities, a set of advanced secure remote-administration options that ensure firewall settings and software images are kept current.
For more information about Progent's consulting services for PIX 500 firewalls, see Cisco PIX 500 firewalls configuration and troubleshooting support.
Progent's Migration Consulting Services for Cisco Firewalls
Because Cisco has discontinued selling the PIX 500 and ASA 5500 product lines, many companies are concerned about relying on a key infrastructure mechanism that might stop being supported. Cisco ASA 5500-X and Firepower NGFW Series firewalls offer the benefit of being new products and also bring several technical and economic benefits in comparison to PIX 500 firewalls. These benefits include substantially better performance, optional Secure Sockets Layer VPN support, and an expandable architecture that guards your investment by allowing you to add new security features whenever you need them. Progent's Cisco certified experts can assist your company to determine the business case for moving from PIX or ASA 5500 security appliances, design a migration plan that permits a quick and seamless changeover, help your IT staff to install new ASA 5500-x or Firepower Series appliances, and offer remote training, consulting, and technical support services.
Additional Ways Progent Can Help Your Business with Cisco Firewalls
Cisco's Firepower NGFW Series, ASA 5500 Series, and PIX family firewalls provide a wealth of configuration, monitoring, and troubleshooting options that give you the flexibility to configure these firewalls to align optimally with your business requirements. Progent's CCIE authorized network professionals can show you how to configure and support a cost-effective infrastructure that includes Cisco security appliances and that provides advanced protection, resilience, performance, and recoverability. Progent's GISA and CISM-premier IS security experts can help you to create a security strategy that makes sense for your business and can configure your firewall to enforce your security policies. Progent's risk assessment consultants can evaluate the effectiveness of your existing firewall solution and audit the security of your whole IT environment. Progent's Help Desk support team can provide emergency online troubleshooting for Cisco products and offer quick access to a Cisco CCIE network engineer.
To see more information about Progent's engineering help for Cisco technology, choose a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To ask Progent about engineering support for Cisco products, phone 1-800-993-9400 or visit Contact Progent.